LSASS, SAM, and local security policy

The protected security process and data stores behind local accounts and policy decisions.

Official Microsoft docs

Closest official references related to this topic on Microsoft Learn.

Microsoft Learn

Credentials processes in Windows authentication

learn.microsoft.com

Microsoft Learn

Windows authentication architecture

learn.microsoft.com

If you want to understand local account validation, security policy, and why LSASS is so sensitive, this is the core topic.

LSASS is the protected security authority; SAM is one of the authoritative stores it consults for local account information.

1LSASS hosts core security logic and manages authentication package interactions.
2For local accounts, SAM stores account records and password-derived data.
3Successful authentication contributes to logon session and token creation under local security policy.

LSA: The Local Security Authority, the subsystem responsible for local security policy and sign-in decisions.
SAM database: The local database holding machine-local account information.

The machine is not asking a domain controller. The decision is made using local security components and locally authoritative account data.

LSASS is not only a password checker. It is a broader security authority managing policy, package coordination, and logon state.

Ranked from your current topic, related links, branch depth, and any active guided path.

intermediate

How Windows chooses and uses protocol packages to validate identities.

Next step in your guided path

intermediate

SIDs, privileges, impersonation, and the identity payload every process carries.

How Windows stores system and application configuration in hierarchical hives.